whitelist calls to functions that always throw an exception

erik-krogh · erik-krogh · commit 0933235132d1 · 2019-10-08T11:54:57.000+02:00
diff --git a/javascript/ql/src/Statements/UseOfReturnlessFunction.ql b/javascript/ql/src/Statements/UseOfReturnlessFunction.ql
@@ -21,8 +21,6 @@ predicate returnsVoid(Function f) {
 }
 
 predicate isStub(Function f) {
-    f.getBodyStmt(0) instanceof ThrowStmt
-    or
     f.getBody().(BlockStmt).getNumChild() = 0 
     or
     f instanceof ExternalDecl
@@ -76,10 +74,20 @@ predicate oneshotClosure(InvokeExpr call) {
   call.getCallee().getUnderlyingValue() instanceof ImmediatelyInvokedFunctionExpr
 }
 
+predicate alwaysThrows(Function f) {
+  exists(ReachableBasicBlock entry, DataFlow::Node throwNode |
+    entry = f.getEntryBB() and
+    throwNode.asExpr() = any(ThrowStmt t).getExpr() and
+    entry.dominates(throwNode.getBasicBlock())
+  )
+}
+
 from DataFlow::CallNode call
 where
   not call.isIndefinite(_) and 
-  forex(Function f | f = call.getACallee() | returnsVoid(f) and not isStub(f)) and
+  forex(Function f | f = call.getACallee() |
+    returnsVoid(f) and not isStub(f) and not alwaysThrows(f)
+  ) and
   
   not benignContext(call.asExpr()) and
   
diff --git a/javascript/ql/test/query-tests/Statements/UseOfReturnlessFunction/tst.js b/javascript/ql/test/query-tests/Statements/UseOfReturnlessFunction/tst.js
@@ -56,4 +56,16 @@
 	var oneOfEach = Math.random() > 0.5 ? onlySideEffects : returnsValue;
 	var g = oneOfEach(); // OK
 	console.log(g);
+	
+	function alwaysThrows() {
+		if (Math.random() > 0.5) {
+			console.log("Whatever!")
+		} else {
+			console.log("Boo!")
+		}
+		throw new Error("Important error!")
+	} 
+	
+	var h = returnsValue() || alwaysThrows(); // OK!
+	console.log(h);
 })();
